#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Part of RedELK

Script to load the config file

Authors:
- Outflank B.V. / Mark Bergman (@xychix)
- Lorenzo Bernardi (@fastlorenzo)
"""

import json
import logging

with open("/etc/redelk/config.json", encoding="utf-8") as json_data:
    # pylint: disable=invalid-name
    data = json.load(json_data)

# -- logging
# CRITICAL, 50
# ERROR, 40
# WARNING, 30
# INFO, 20
# DEBUG, 10
# NOTSET, 0

LOGLEVEL = logging.WARN
if "loglevel" in data:
    LOGLEVEL = data["loglevel"]

# -- directory for cache files (including shelves)
TEMP_DIR = "/tmp"
if "tempDir" in data:
    TEMP_DIR = data["tempDir"]

# -- Notifications
# pylint: disable=invalid-name
notifications = {
    "email": {
        "enabled": False,
        "smtp": {"host": "localhost", "port": 25, "login": "", "pass": ""},
        "from": "",
        "to": [],
    },
    "msteams": {"enabled": False, "webhook_url": ""},
    "slack": {"enabled": False, "webhook_url": ""},
}
if "notifications" in data:
    for n in data["notifications"]:
        notifications[n] = data["notifications"][n]

# -- Alarms
# pylint: disable=invalid-name
alarms = {
    "alarm_filehash": {
        "enabled": False,
        "interval": 300,
        # Virustotal API
        "vt_api_key": "",
        # IBM X-Force API (can be retreived from a sample call on their swagger test site)
        "ibm_basic_auth": "",
        # Hybrid Analysis API
        "ha_api_key": "",
    },
    "alarm_httptraffic": {
        "enabled": False,
        "interval": 310,
        "notify_interval": 86400,  # Only notify on the same IP hit every 24h by default
    },
    "alarm_useragent": {"enabled": False, "interval": 320},
    "alarm_dummy": {"enabled": False, "interval": 300},
    "alarm_manual": {"enabled": False, "interval": 300},
    "alarm_backendalarm": {"enabled": False, "interval": 320},
}
if "alarms" in data:
    for a in data["alarms"]:
        alarms[a] = data["alarms"][a]

# -- Enrichments modules
# pylint: disable=invalid-name
enrich = {
    "enrich_csbeacon": {"enabled": True, "interval": 300},
    "enrich_stage1": {"enabled": True, "interval": 300},
    'enrich_sliver': {"enabled": True, 'interval': 300},
    "enrich_greynoise": {
        "enabled": True,
        "interval": 310,
        "cache": 86400,  # Only query for the same IP hit every 24h by default
        # Greynoise Community API Key - Default RedELK key if none provided
        "api_key": "cEwJeLyDkNSXzabKNvzJSzZjZW0xEJYSYvf2nfhmmaXQHfCA8bJb49AvI3DF5Tlx",
    },
    "enrich_tor": {"enabled": True, "interval": 320, "cache": 3600},
    "enrich_iplists": {"enabled": True, "interval": 330},
    "enrich_synciplists": {"enabled": True, "interval": 360},
    "enrich_syncdomainslists": {"enabled": True, "interval": 355},
    "enrich_domainscategorization": {
        "enabled": True,
        "interval": 345,
        # IBM X-Force API (can be retreived from a sample call on their swagger test site)
        "ibm_basic_auth": "",
        # Virustotal API
        "vt_api_key": "",
    },
}
if "enrich" in data:
    for e in data["enrich"]:
        enrich[e] = data["enrich"][e]

# pylint: disable=invalid-name
es_connection = ["http://localhost:9200"]
if "es_connection" in data:
    es_connection = data["es_connection"]

project_name = data["project_name"] if "project_name" in data else "redelk-project"
